Experiment with blocking more parser-inserted script. |
|||
Issue descriptionaaj@ suggests that we might consider something that would "prevent executing any scripts added to the page via parser-based DOM APIs". It's not entirely clear to me how we'd best define the contours of that, but let's sketch it out and then bring it to WebAppSec for discussion.
,
Mar 9 2017
Just filed: https://github.com/w3c/webappsec-csp/issues/191
,
Nov 10 2017
,
Feb 18 2018
|
|||
►
Sign in to add a comment |
|||
Comment 1 by mkwst@chromium.org
, Feb 17 2017